Issues with routing…
-
Get rid of that WH NAT rule. It's nonsensical.
-
Get rid of that WH NAT rule. It's nonsensical.
I agree but if I remove that WH NAT rule, it breaks everything and I can't even ping the HP 5500 L3 interface. It's a weird one.
-
It's wrong. Get rid of it. It NATs the source address of all connections going OUT the WH interface to the WH interface address. If you did not have a route in place before, that might have appeared to fix some routing, but it was really just making things appear to be coming from the WH subnet.
-
It's wrong. Get rid of it. It NATs the source address of all connections going OUT the WH interface to the WH interface address. If you did not have a route in place before, that might have appeared to fix some routing, but it was really just making things appear to be coming from the WH subnet.
It's gone now and I'm on automatic so here is what appears. (see attached)
 -
OK. It did not pick up the NAT for the routed subnet. You should have a gateway defined in pfSense for 192.168.253.18 and a route defined for 10.96.16.0 255.255.248.0 with that gateway as the destination. If NAT still doesn't have an entry for the 10.96.16.0/21 you'll need to add one using hybrid or manual mode.
-
OK. It did not pick up the NAT for the routed subnet. You should have a gateway defined in pfSense for 192.168.253.18 and a route defined for 10.96.16.0 255.255.248.0 with that gateway as the destination. If NAT still doesn't have an entry for the 10.96.16.0/21 you'll need to add one using hybrid or manual mode.
The route was already there and when the NAT is on Automatic, the 10.96.16.0/21 shows up but I have no communication until I add the manual NAT "EM3, any, *, *, *, EM3 address, *, YES".
-
Dude. Look at the automatic NAT screen you posted. The NAT entry for 10.96.16.0/21 is not there.
I am telling you you are doing it wrong. You can either listen or not. If you are going to just dismiss what I say just let me know so I can stop wasting my time.
There is a very good reason adding that NAT entry makes some connectivity happen but doesn't fix everything as I explained above.
Get rid of the NAT entry for the WH interface and add a hybrid Outbound NAT rule for the 10.96.16/21 subnet on WAN.
Then post how you configured the routes and gateway in System > Routing.
-
Dude. Look at the automatic NAT screen you posted. The NAT entry for 10.96.16.0/21 is not there.
I am telling you you are doing it wrong. You can either listen or not. If you are going to just dismiss what I say just let me know so I can stop wasting my time.
There is a very good reason adding that NAT entry makes some connectivity happen but doesn't fix everything as I explained above.
Get rid of the NAT entry for the WH interface and add a hybrid Outbound NAT rule for the 10.96.16/21 subnet on WAN.
Then post how you configured the routes and gateway in System > Routing.
Sorry about that, the screenshot was from when I was testing. Here is the latest screenshot but I'm not sure I understand if you still want me to add anything manual since it shows up on the WAN?
 -
I'm going to do another test because I'm beginning to this it might have something to do with the pfSense and the fact that it's been running for a long time and that there may be some bad configuration we don't see. This is standard routing so it should be simple. I'm going to take another device we have, install a fresh copy and start the config from scratch. In the meantime, I'm still opened to suggestions cause it would be great to fix it rather then start over. Thanks.
-
Yeah. Post how you configured the gateway and the route like I asked for in the previous message.
-
Looks like this one for the books because I was able to get everything working from a fresh install. I'm guessing there was an inherited setting from all the past upgrades that we weren't seeing in the WebConfigurator. All the settings are now identical to the configuration I posted earlier with Automatic NAT and it worked right away. Same configuration, same rules, same subnets, same connections on nearly identical hardware.
Thanks for your help.
